LOG - check

Please check

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\System32\f0mered.exe
C:\Program Files\Panda Software\Panda Titanium Antivirus 2004\APVXDWIN.EXE
C:\Program Files\Common Files\Panda Software\PavShld\pavprsrv.exe
C:\Program Files\Panda Software\Panda Titanium Antivirus 2004\Pavsrv51.exe
C:\Program Files\Gadu-Gadu\gg.exe
C:\Program Files\Panda Software\Panda Titanium Antivirus 2004\AVENGINE.EXE
C:\Program Files\Panda Software\Panda Titanium Antivirus 2004\WebProxy.exe
C:\Program Files\QCD 3\QCDPlayer.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\FlashGet\flashget.exe
C:\Downloads\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Łącza
O2 - BHO: (no name) - {A5366673-E8CA-11D3-9CD9-0090271D075B} - C:\PROGRA~1\FlashGet\jccatch.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: FlashGet Bar - {E0E899AB-F487-11D5-8D29-0050BA6940E3} - C:\PROGRA~1\FlashGet\fgiebar.dll
O4 - HKLM\..\Run: [Start aThx Roll] f0mered.exe
O4 - HKLM\..\Run: [APVXDWIN] "C:\Program Files\Panda Software\Panda Titanium Antivirus 2004\APVXDWIN.EXE" /s
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\RunServices: [Start aThx Roll] f0mered.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [Gadu-Gadu] "C:\Program Files\Gadu-Gadu\gg.exe" /tray
O4 - HKCU\..\Run: [Start aThx Roll] f0mered.exe
O4 - HKCU\..\Run: [DialerSpy] C:\Program Files\DialerSpy\dspy.exe
O8 - Extra context menu item: Download All by FlashGet - C:\Program Files\FlashGet\jc_all.htm
O8 - Extra context menu item: Download using FlashGet - C:\Program Files\FlashGet\jc_link.htm
O9 - Extra button: Related (HKLM)
O9 - Extra 'Tools' menuitem: Show &Related Links (HKLM)
O9 - Extra button: FlashGet (HKLM)
O9 - Extra 'Tools' menuitem: &FlashGet (HKLM)
O10 - Unknown file in Winsock LSP: c:\program files\panda software\panda titanium antivirus 2004\pavlsp.dll
O10 - Unknown file in Winsock LSP: c:\program files\panda software\panda titanium antivirus 2004\pavlsp.dll
O10 - Unknown file in Winsock LSP: c:\program files\panda software\panda titanium antivirus 2004\pavlsp.dll
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{8835035C-A95F-4570-BE08-621F03B9F853}: NameServer = 217.30.129.149 217.30.137.200

Replies: 6

You have WORM_RANDON (according to Trend Micro)

These are the files:
repcale.exe, beird.exe

Turn off System Restore
Delete:
c:\windows\system32\ccdew

Fix:
O4 - HKCU\..\Run: [ALTER DATA] c:\windows\system32\ccdew\repcale.exe c:\windows\system32\ccdew\beird.exe
O4 - HKCU\..\RunServices: [ALTER DATA] c:\windows\system32\ccdew\repcale.exe c:\windows\system32\ccdew\beird.exe

Turn System Restore back on

Show a screenshot from Task Manager
Bobi
Added
01.12.2004 18:13:16
This time my CPU usage is constantly at 100%!! What should I do??

Logfile of HijackThis v1.97.7
Scan saved at 16:31:02, on 2004-12-01
Platform: Windows XP (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 (6.00.2600.0000)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Panda Software\Panda Titanium Antivirus 2004\APVXDWIN.EXE
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\Panda Software\Panda Titanium Antivirus 2004\WebProxy.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Norton SystemWorks\Norton AntiVirus\navapsvc.exe
C:\Program Files\Norton SystemWorks\Norton Utilities\NPROTECT.EXE
C:\Program Files\Common Files\Panda Software\PavShld\pavprsrv.exe
C:\Program Files\Panda Software\Panda Titanium Antivirus 2004\Pavsrv51.exe
C:\Program Files\Panda Software\Panda Titanium Antivirus 2004\AVENGINE.EXE
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Downloads\HijackThis.exe

O2 - BHO: (no name) - {A5366673-E8CA-11D3-9CD9-0090271D075B} - C:\PROGRA~1\FlashGet\jccatch.dll
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton SystemWorks\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: FlashGet Bar - {E0E899AB-F487-11D5-8D29-0050BA6940E3} - C:\PROGRA~1\FlashGet\fgiebar.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton SystemWorks\Norton AntiVirus\NavShExt.dll
O4 - HKLM\..\Run: [APVXDWIN] "C:\Program Files\Panda Software\Panda Titanium Antivirus 2004\APVXDWIN.EXE" /s
O4 - HKLM\..\Run: [ccApp] C:\Program Files\Common Files\Symantec Shared\ccApp.exe
O4 - HKCU\..\Run: [Gadu-Gadu] "C:\Program Files\Gadu-Gadu\gg.exe" /tray
O4 - HKCU\..\Run: [DialerSpy] C:\Program Files\DialerSpy\dspy.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [ALTER DATA] c:\windows\system32\ccdew\repcale.exe c:\windows\system32\ccdew\beird.exe
O4 - HKCU\..\Run: [Worm Detector] C:\Program Files\Worm Detector 3\Wd.exe tray
O4 - HKCU\..\RunServices: [ALTER DATA] c:\windows\system32\ccdew\repcale.exe c:\windows\system32\ccdew\beird.exe
O8 - Extra context menu item: Download All by FlashGet - C:\Program Files\FlashGet\jc_all.htm
O8 - Extra context menu item: Download using FlashGet - C:\Program Files\FlashGet\jc_link.htm
O9 - Extra button: FlashGet (HKLM)
O9 - Extra 'Tools' menuitem: &FlashGet (HKLM)
O10 - Unknown file in Winsock LSP: c:\program files\panda software\panda titanium antivirus 2004\pavlsp.dll
O10 - Unknown file in Winsock LSP: c:\program files\panda software\panda titanium antivirus 2004\pavlsp.dll
O10 - Unknown file in Winsock LSP: c:\program files\panda software\panda titanium antivirus 2004\pavlsp.dll
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{8835035C-A95F-4570-BE08-621F03B9F853}: NameServer = 217.30.129.149 217.30.137.200

It all started after I installed Norton!! But now I can't remove it!!
bystry77
Added
01.12.2004 17:33:33
First you need to kill the process and delete the file
Turn off System Restore

Stop:
f0mered.exe

Besides what Rebe wrote, also remove:
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k


Turn System Restore back on
Bobi
Added
29.11.2004 20:26:38
You probably have System Restore enabled and didn't turn it off while cleaning.
Rebe
Added
29.11.2004 20:17:58
You probably have System Restore enabled and didn't turn it off while cleaning.
Rebe
Added
29.11.2004 20:17:58
I did what it says on this page, but when I restarted the computer it's the same again!!??
What should I do??
bystry77
Added
29.11.2004 19:27:06
bystry77
Added:
29.11.2004 16:11:26
Comments:
6